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Sir: 



This is an Appeal Brief in connection with the decisions of the Examiner in a Final Office 
Action, including final rejection, dated December 19, 2007, and the Notice of Appeal filed on 
March. 11, 2008. It is respectfully submitted that the present application has been more than 
twice rejected. Each of the topics required in an Appeal Brief and a Table of Contents are 
presented herewith and labeled appropriately. 
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(1) Real Party in Interest 

The real party in interest is Hewlett-Packard Development Company, LJP. 

(2) Related Appeals and Interferences 

The Appellant is unaware of any appeals or interferences related to this case 

(3) Status of Claims 

Claims 1 -28 and 30-36 are pending in the present application of which claims 1, 11, 17, 
1 9, 26, 28 and 36 are independent 
Claim 29 is canceled. 
Claims 1-28 and 30-36 are rejected. 
Claims 1-28 and 30-36 arc appealed, 

(4) Status of Amendments 

No amendment was filed subsequent to the Final Office Action dated December 1 9, 

2007. 

(5) Summary of Claimed Subject Matter 

It should be understood that the subject matter of the independent claims and dependent 
claims recited below is supported in at least the following cited sections of the present 
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application* Thus, other sections in the present application may provide the same or additional 
supports as well. 

Independent Claims 

Claim 1, A secure token for use with an encrypted file and an insecure decryption device, the 
secure token comprising a processor for protecting a first cryptographic key against unauthorized 
access, and (paragraphs 22 and 25, fig 2) creating a second cryptographic key from the first key 
and a message unique to the insecure device, the second key usable for file decryption by the 
insecure device, (paragraph 32, fig 3) 

Claim 11. An article for a secure device, the secure device including a processor, the secure 
device used in combination with an insecure device, (paragraphs 22 and 25, fig 2) the article 
comprising memory encoded with data for instructing the processor to protect a first 
cryptographic key against unauthorized access (paragraph 31 ), use a hash function to create a 
second cryptographic key from the firet key and a message unique to the insecure device, and 
send the second key to the insecure device, (paragraph 35, fig 4) 

Claim 17. A data rights management server for use with a media transaction system, (fig 1 ) the 

server comprising a processing unit programmed to cause the server to establish a secure channel 

with a smart card, access a unique identifier corresponding to an insecure device, (paragraph 29, 

fig 3) send a first cryptographic key to the smart card via the secure channel, (paragraph 29, fig 
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3) receive a unique identifier from the insecure device, create a second key from the first key and 
the identifier (paragraphs 32-33, fig 3); encrypt a media file with the second key, and send the 
encrypted media file to the insecure device, the first key corresponding to the media file, 
(paragraphs 32-34, fig 3) 

Claim 19. A method of using an insecure decryption, device for file distribution, the method 
comprising: 

accessing a message unique to the insecure device; (paragraphs 60-61, fig 7) 
accessing a first cryptograph] c key; (paragraphs 60-61 , fig 7) 

creating a second cryptographic key from the message and the first key; and (paragraphs 
63-64, fig 7) 

allowing the insecure device to access the second key but not the first key; whereby the 
insecure device can use the second key for decryption- (paragraph 65, fig 7) 

Claim 26, An insecure decryption device for use with a secure device and a first cryptographic 
key, the device comprising: (fig 1) 

means for sending a message to the secure device, the message unique to the insecure 
device; (paragraphs 60-61, fig 7 and paragraph 27, figs 3^) 

means for receiving a second cryptographic key from the secure device, the second 
cryptographic key derived from die message and the first cryptographic key; and (paragraphs 65- 
66, fig 7 and paragraph 32-34, figs 3-4) 
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means for performing decryption with the second cryptographic key* (paragraph 66, fig 7 
and paragraph 35, figs 3-4) 

Claim 28. A trusted system for file distribution, the system comprising: 
an insecure device; (figs 1 and 6) and 

a trusted secure device for storing a first cryptographic key, accessing a message from the 
insecure device wherein the message is unique to the insecure device, creating a second 
cryptographic key from the message and the first key, and allowing the insecure device to access 
the second key, the first key granting file access rights; (figs 3 and 7,.paragraphs 27-34 and 59- 
69) 

the insecure device not allowed to access the first key, the insecure device using the 
second key for decryption, (figs 3 and 7, paragraphs 27-34 and 59-69) 

Claim 36. A trusted media transaction system comprising 
an insecure media player; and (figs 1 and 6) 

a trusted secure token for performing an electronic transaction to obtain a first 
cryptographic key, accessing a message from the insecure device wherein the message is unique 
to the insecure device, creating a second cryptographic key from the message and the first key, 
and allowing the insecure device to access the second key, the first key granting media file 
access rights; (figs 3 and 7, paragraphs 27-34 and 59-69) 
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the insecure device configured to use the second key for media file decryption* (figs 3 
and 7, paragraphs 27-34 and 59-69) 

Dependent _C1airns 

Claim 7. The secure token of claim 4, wherein the secure token conducts a transaction with a 
peer to sell a file; and wherein the secure token sends the first key to the peer, (paragraphs 21, 
22*27-32,36^3) 

Claim 8; The secure token of claim 7, wherein the secure token creates a third key that is ; 
unique to the peer, and sends the third key to the insecure device and the peer (paragraphs 21- 
22,27-32,36-43) ^ 

Claim 1 5. The article of claim 13, wherein the secure device conducts a transaction with a peer 
to sell a file; and wherein the secure device sends the first key to the peer, (paragraphs 21, 22, 
27-32,36-43) 

Claim 1 6. The article of claim 1 5, wherein the data further instructs the processor to create a 
third key that is unique to the peer, sends the third key to the insecure device and the peer* 
(paragraphs 21 , 22, 27-32, 36-43) 
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Claim 24. The method of claim 21 , wherein the electronic transaction is conducted with a peer 
to sell a file; the method further comprising sending Ihe first key to the peer, (paragraphs 21 , 22, 
27-32, 36-43) 

Claim 25. The method of claim 24, further comprising creating a third key that is unique to the 
peer, and sending the third key to the insecure device and the peer, (paragraphs 21 , 22, 27-32, 
36-43) 

(6) Grounds of Rejection to be Reviewed on Appeal 

A. Claims 1 -36 are rqected under 35 U.S.C. §1 12, second paragraph, as being 
indefinite for failing to particularly point out and distincfly claim the subject matter which 
applicant regards as the invention. 

B. Claims 1 -28 and 3 0-36 are rejected under 35 U-S.C. § 1 02(b) as being anticipated 
by Kocher et al. (6,289,455), referred to as Kocbcr. 
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(7) Arguments 

A. The_reiection_of_clnimsJ-.36 under 112 2 n4 paragraph should bc rcycrscd because 
claims 1-28 and 30-36 arc definite^ 

Claims 1-36 were rejected under 35 U.S.C. §1 12, second paragraph, as being indefinite 
for foiling to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Note that claim 29 was previously canceled, so the rejection incorrectly rejects claim 29. 

Independent claim 1 was rejected because i4 thc first key", "the second key",* and "the 
insecure device" allegedly lack antecedent basis. Independent claim 1 and its dependent claims ' 
only reference one first key (Le., a first cryptographic key), and only reference one second key " 

a second cryptographic key), and only reference one insecure device (ie., an insecure 
decryption device). Accordingly, the Applicants believe "the first key" clearly refers to the 
claimed first cryptographic key, "the second key" clearly refers to the claimed second 
cryptographic key, and "the insecure device" clearly refers to the claimed insecure decryption 
device. Thus claim 1 is believed to be definite. Similar rejections were made for independent 
claims 1 1, 17, 19, 26, 28 and 36, and these claims arc also believed to be definite. 

For at least these reasons, the rejections under 1 12 second paragraph should be reversed. 
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B, Thcrc|cction of claims_lr28_and 30-36 under 35 U.S.C. JS1 02(h) as being anticipated 

by Koch er should be reversed because Kochcr fails to tench all the claimed features. 

The test for determining if a reference anticipates a claim, for purposes of a rejection 

under 35 U.S.C § 1 02, is whether the reference discloses all the elements of the claimed 

combination, or the mechanical equivalents thereof functioning in substantially the same way to 

produce substantially the same results* As noted by the Court of Appeals for the Federal Circuit 

in Lindemann Maschinenfabrick GmbH v. American Hoist and Derrick Co*, 221 USPQ 481 , 485 

(Fed. Cir- 1984), in evaluating the sufficiency of an anticipation rejection under 3S U.S.C- § 102, 

the Court stated: 

Anticipation requires the presence in a single prior art reference 1 
disclosure of each and every element of the claimed invention, 
arranged as in the claim. 

Therefore, if the cited reference does not disclose each and every clement of the claimed 

invention, then the cited reference fails to anticipate the claimed invention and, thus, the claimed 

invention is distinguishable over the cited reference. 

Claims 1 -36 were rejected under 35 U.S.C. § 1 02(b) as being anticipated by Kocher, 

According to an embodiment described in- the Applicants' specification, a device, such as 

a media player, that is operable to read a secure token, sends its unique ID, Nj, to a server, for 

example, to purchase a media file. After the purchase, the server sends a first cryptographic key 

Kj to the secure token. The server also uses a secure hash function to generate a second 

cryptographic key K ; from the first cryptographic key and the unique ID of the media player as 

follows: Kr^HCKj ,Nj). The server encrypts the media file with and sends it to the media 

10 
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player. The secure token gets Nj from the media player and calculates Kj, and sends K* to the 
media player. The media player may then decrypt the media file with K? received from the 
secure token and play the media file. See paragraphs 27-34 and figure 3. The unique ID of the 
device is a message of the device, such as a serial number. Another type of message unique to 
the media player and stored in the media player may be used to generate Kn. See paragraph 62. 
As described above, it should be noted that in these embodiments, a message unique to the media 
player, such as serial number, is used to generate Kj. 
Claim 1 recites, 

creating a second cryptographic key from the first key and a message 
unique to the insecure device, the second key usable for. file decryption by the 

insecure device, "ir 

Kochcr foils to teach creating a second key from a first key and a message unique to an 

insccmre_deyice > The rejection alleges this feature is taught in col. 8, lines 17-28 of Kocher. Tn 

this passage, Kochcr discloses a Key Derivation Message (KDM), which is a message generated 

by the content provider to allow a CRU to derive a key corresponding to digital content, and the 

KDM is usually transmitted with the content. 

However, Kocher fails to teach that the KDM is unique to an insecure device. Instead, 

» 

unlike the embodiments of the Applicants* invention where the unique message is initially stored 
in the insecure device and sent to the server, in Kocher the KDM is generated by the content 
provider and sent to the playback device 21 0. Thus, it appears Kocher generates a KDM for 
each content rather than a KDM unique to the playback device. There is clearly no disclosure 
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and no other support, either expressly or inherently, in Kochcr teaching the KDM is unique to the 
playback device 210* 

In the Response to Arguments section in the Final Office Action, page 3, the Examiner 
states that since digital content is variable, the message (referring to the KDM) is unique to the 
' device* As described above, this assumption is not supported by the disclosure of Kochcr. 
Instead, the KDM clearly could be unique to the content* Thus, the content could be played on 
different devices. 

Independent claim 1 1 recites using a hash function to create a second key from the first 
key and a message unique to the insecure device. Kocher fails to teach the message unique to 
the insecure device, or using a hash function to create a second key from the first key and the 
message unique to the insecure device. 

Regarding these features of claim 11 , for the reasons set forth above with respect to claim 
1 , Kocher fails to teach the message unique to the insecure device. Regarding the hash function, 
Kochcr discloses a pseudoasymmctric function in column 8, lines 28-44* Lines 39-44 disclose 
that the function is used for encryption* Claim 1 1 recites using a hash function to create a 
second key from the first key and the message unique to the insecure device. Claim 1 1 does not 
reciting using the hash function to encrypt* Kocher fails to teach using a hash function to create 
a second key. 

Independent claim 17 recites a data rights management server receiving a unique 
identifier from the insecure device. As described above, Kochcr fails to teach the content 
provider receiving a unique identifier for the playback device from the playback device* Instead, 
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the KDM is generated at the content provider and is not received from the playback device* 
Also, Kochcr Ms to teach the KDM is unique to the playback device. 

Independent claims 19* 28 and 36 recite accessing a message unique to the insecure 
device. Independent claim 26 recites sending a message unique to the insecure device. These 
features are not taught by Kocher for the reasons stated above. 

Many of the features of the dependent claims arc not taught by Kochcr. 

Claim 7 recites the secure token conducts a transaction with a peer to sell a file 

Claim 8 recites the secure token creates a third key unique the peer and sends the third 
key to the peer and the insecure device. Kochcrfails to teach the smart card is used to sell a file, 
: and fails to teach creating a third key for the peer and sending the third key to both the peer and 
the playback devi ce. 

Claim IS, 16, 24 and 25 recite similar features. 

None of these features of claims 7, 8, 1 5, 1 6, 24 and 25 are taught by Kocher. 
For at least these reasons claims 1 -28 and 30-36 are believed to be allowable. 
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(8) Conclusion 

For at least the reasons given above, the rejection of claims 1 -43 described above and the 
objection to the Abstract described above should be reversed and these claims allowed. 

Please grant any required extensions of time and charge any fees due in connection with 
this Appeal Brief to deposit account no. 08-2025. 

Respectfully submitted, 



Dated: May 12, 2008 



By CUd£jL/ 

Ashok K. Manffava 



Registration No.: 45,301 



MANNAVA & KANG, P.C 

1 1240 Waplcs Mill Road 

Suite 300 

Fairfax, VA 22030 

(703) 652-3822 

(703) 865-5150 (facsimile) 
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(9) Claim Appendix 

1 . A secure token for use with an encrypted file and an insecure decryption device, the secure 
token comprising a processor for protecting a first cryptographic key against unauthorized 
access, and creating a second cryptographic key from the first key and a message unique to the 
insecure device, the second key usable for file decryption by the insecure device. 

2* The secure token of claim 1 wherein the secure token includes a smart card, the smart card 
including the processor. 



3. Tine secure token of claim 1, wherein the processor uses a hash function to create the second 
key from the message and the first key* 

4. The secure token of claim 1 , wherein the secure token performs an electronic transaction to 
obtain the first key. 

5* The secure token of claim 4, wherein the secure token conducts a transaction with a server to 
purchase a desired file; and wherein the secure token receives the first key from the server* 

6, The secure token of claim 4, wherein the secure token conducts a transaction with a peer to 
purchase a file; and wherein the secure token receives the first key from the peer* 



IS 
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7. The secure token of claim 4, wherein the secure token conducts a transaction with a peer to 
sell a file; and wherein the secure token sends the first key to the peer, 

8. The secure token of claim 7 T wherein the secure token creates a third key that is unique to 
the peer, and sends the third key to the insecure device and the peer. 

9. The secure token of claim 1 , further comprising means for receiving the first key and 
encrypted data, wherein the insecure device uses the second key to decrypt the encrypted data* 

1 0. The secure token of claim 1, wherein processing power of the secure token is significantly 
less than processing power of the insecure device, 

11. An article for a secure device, the secure device including a processor, the secure device 
used in combination with an insecure device, the article comprising memory encoded with data 
for instructing the processor to protect a first cryptographic key against unauthorized access, use 
a hash function to create a second cryptographic key from the first key and a message unique to 
the insecure device, and send the second key to the insecure device* 

12. The article of claim 1 1 , wherein data further instructs the processor to perform an 
electronic transaction to obtain the first key* 
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13- The article of claim 12, wherein the secure device conducts a transaction with a server to 
purchase a desired file; and wherein the secure device receives the first key from the server. 

14. The article of claim 13, wherein the secure device conducts a transaction with a peer to 
purchase a file; and wherein the secure device receives the first key from the peer. 

1 5. The article of claim 13, wherein the secure device conducts a transaction with a peer to sell 
a file; and wherein the secure device sends the first key to the peer. 

1 6. The article of claim 1 5, wherein the data further instructs the processor to create a third key 
that is unique to the peer, sends the third key to the insecure devi cc and the peer. 

1 7. A data rights management server for use with a media transaction system, the server 
comprising a processing unit programmed to cause the server to establish a secure channel with a 
smart card, access a unique identifier corresponding to an insecure device, send a first 
cryptographic key to the smart card via the secure channel, receive a unique identifier from the 
insecure device, create a second key from the first key and the identifier, encrypt a media file 
with the second key, and send the encrypted media file to the insecure device, the first key 
corresponding to the media file. 
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1 8. The server of claim 1 7, wherein the smart card and the server perform an electronic 
transaction for the first key. 

1 9* A method of using an insecure decryption device for file distribution, the method 
comprising: 

accessing a message unique to the insecure device; 
accessing a first cryptographic key; 

creating a second cryptographic key from the message and the first key; and 
allowing the insecure device to access the second key but not the first key; whereby the 
: insecure device can uscthcsccond kcy for decryptions . ^-v 

20. The method of claim 1 9, wherein a hash function is used to create the second key from the 
message and the first key. 

21. The method of claim 1 9, wherein accessing the first key includes performing an electronic 
transaction to obtain the first key, 

22. The method of claim 21 , wherein the electronic transaction is conducted with a server to 
purchase a desired file; and accessing the first key includes receiving the first key from the 
server. 
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23 , The method of claim 2 1 , wherein the electronic transaction is conducted with a peer to 
purchase a file; and wherein accessing the first key includes receiving the first key from the peer. 

24, The method of claim 21, wherein the electronic transaction is conducted with a peer to sell 
a file; the method further comprising sending the first key to the peer, 

25, The method of claim 24, further comprising creating a third key that is unique to the peer, 
and sending the third key to the insecure device and the peer. 

26, An insecure decryption device for use with a secure device and a first cryptographic key, 
the device comprising: 

means for sending a message to the secure device, the message unique to the insecure 

device; 

means for receiving a second cryptographic key from the secure device, the second 
cryptographic key derived from the message and the first cryptographic key; and 
means for performing decryption with the second cryptographic key, 

27, The device of claim 26, farther comprising means for playing media decrypted with the 
second cryptographic key. 

28, A trusted system for file distribution, the system comprising: 
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an insecure device; and 

a trusted secure device for storing a first cryptographic key, accessing a message from the 
insecure device wherein the message is unique to the insecure device, creating a second 
cryptographic key from the message and the first key, and allowing the insecure device to access 
the second key, the first key granting file access rights; 

the insecure device not allowed to access the first key, the insecure device using the 
second key for decryption. 

29* (Canceled), 

30- The system of claim 28, wherein the secure device is a secure token. 

3 1 . The system of claim 30, wherein the secure token includes a smart card 

32. The system of claim 3 1 , wherein the insecure device includes a media player, 

33* The system of claim 28, wherein the secure device is configured to perform an electronic 
transaction to obtain the first key. 

34. The system of claim 28, wherein processing power of the secure device is significantly less 
than processing power of the insecure device. 
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35. The system of claim 28, further comprising a pccr-to-pccr application for identifying peers 
having desired files, 

36. A trusted media transaction system comprising 

an insecure media player, and 

a trusted secure token for performing an electronic transaction to obtain a first 
cryptographic key, accessing a message from the insecure device wherein the message is unique 
to the insecure device, creating a second cryptographic key from the message and the first key, 
and allowing the insecure device to access the second key, the first key granting media file * 
access rights; • - 

the insecure device configured to use the second key for media file decryption. 
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(10) Evidence Appendix 

Attached is a copy of Kocher ct al., "The SSL Protocol Version 3.0", November 1 8, 
1 996, which is relied on by the Examiner to interpret the teachings of Aziz for the rqection of 
claims 1-3, 4 and 11-13 under 35 U.S.C. § 102(e) as being anticipated by Aziz. 
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(11) Related Proceedings Appendix 

None. 
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